The credential-stealing Pony malware is masquerading as Microsoft Publisher documents in an effort to infect unsuspecting users.

David Bisson reports.

A stash of almost two million usernames and passwords, stolen by cybercriminals from users of Facebook, Twitter, Google, Yahoo, LinkedIn and many other sites, has been uncovered.

And it makes for some sorry reading.